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DETAILED ACTION 



Continued Examination Under 37 CFR 1.114 

1 . A request for continued examination under 37 CFR 1.114, including the fee set forth in 
37 CFR 1 .17(e), was filed in this application after final rejection. Since this application is 
eligible for continued examination under 37 CFR 1.1 14, and the fee set forth in 37 CFR 1.17(e) 
has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 
37 CFR 1.1 14. Applicant's submission filed on September 18, 2008 has been entered. 

Response to Amendment 

This office action is in response to request for continued examination filed on September 
18, 2008. Applicant did not file any arguments or amendments with this request of continued 
examination. Presently Claims 1-18 are pending for consideration. 



Claim Rejections - 35 USC § 112 

The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 
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Claims 1, and 16-18 recites the limitation "a user input device", "a activities", "the 
observing of the observer program", "a user", "a user input device", "a user input device". There 
is insufficient antecedent basis for these limitations in the claim. 

Claim 3, 7, 9, 12, and 14 recites the limitation "a user", "a file", "alter the operation", 
"altering a file", "the observed program software", "to a user ", and "a graphical interface". 
There is insufficient antecedent basis for these limitations in the claim. 

Claim 4 rejected under 35 U.S.C. 1 12, second paragraph, as being indefinite for failing to 
particularly point out and distinctly claim the subject matter which applicant regards as the 
invention. Applicant claims "by examining file information provided by the file system". It is not 
clear how this "examining" is performed? , and what to do with the result of the "examination" 
? if any. 

Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

1. Claims 1-18 are rejected under 35 U.S.C. 103(a) as being unpatentable over Togawa (U. 
S. Patent 6,240,530).and further in view of Drake (U. S. Patent 6,006,328). 
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2. Regarding Claim 1, Togawa teaches a system for detecting the presence of an observing 
program on a computer system, wherein the observing program is programmed to observe a 
user's activities on the computer system by monitoring user input entered through a user input 
device and to create data from the observing on the computer system, the system including 
computer software fro running on the computer system (Fig. 1-4), the system comprising: 
observer data that includes data descriptive of an observer program, the observer program being 
programmed to observe a user's activities on the computer system by monitoring user input 
entered through a user input device and also operating to create log file from the observing of the 
observer program (col. 5 line 7 to line 39); accessing instructions that access the observer data, 
comparing instructions that compare the observer data with memory data read in from memory 
to determine whether the observer program is present on the computer system (col.4 line 1 to line 
22, col. 8 line 14 to line 30); generating instructions that generate results from the comparing, 
wherein the results generated indicate whether the observer program is present on the computer 
system (col. 5 line 10 to line 38, and col. 8 line 22 to line 30); and outputting instructions that 
obtain the results and provide the results for a user ( col. 5 line 39 to line 50, col. 13 line 8 to line 
55, and col. 14 line 8 to line 25). 

Although the system disclosed by Togawa shows all the features of the claimed limitation, but 
Togawa does not specifically disclose searching explicitly observer program as a part of that 
detecting and exterminating viruses on a computer. Togawa discloses a virus extermination 
program installed on the computer memory to detect, identify and destroy certain types of 
viruses on the computer (col. 3 line 65 to col.4 line 24). 
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In an analogous art, Drake, on the other hand discloses computing environment that relates to 
method and apparatus that uses an anti-spy computer code to detect rogue software programs 
that eavesdrop, attack or steal ID-data on the computer. The anti-spy code continuously scans the 
computer memory by comparing its memory image data with known characteristics data to 
detect hot patching (col. 3 line 38 to line 44, and col. 6 line 10 to line 20). 

Therefore, It would have been obvious to one ordinary skilled in the art at the time of invention 
to combine the teachings of Drake and Togawa, because Drake's method of detection and 
removal of computer spyware (malware or observer program) explicitly involves a comparison 
between known characteristics data with memory data to identify similar data patterns indicating 
the presence of rogue software in the computer. Therefore, the ordinarily skilled artisan would 
conclude that this combination would predictably result in running anti-spyware program on a 
computer to scan the memory for certain spy characteristics in order to detect the presence of 
rogue software programs thereon. 

3. Regarding Claim 16, Togawa teaches a system for detecting the presence of an observing 
program on a computer system, wherein the observing program is programmed to observe a 
user's activities on the computer system by monitoring user input entered through a user input 
device and to create data from the observing on the computer system, the system including 
computer software fro running on the computer system ((Fig. 1-4), the system, comprising: 
observer data that includes data descriptive of an observer program, the observer program being 
programmed to observe a user's activities on the computer system by monitoring user input 
entered through a user input device and also operating to create log file from the observing of the 
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observer program(col.5 line 7 to line 39); and means for accessing the observer data; means for 
generating results from the comparison(col.4 line 1 to line 22, col. 8 line 14 to line 30), wherein 
the results generated indicate whether the observer program is present on the computer 
system(col.5 line 10 to line 38, and col. 8 line 22 to line 30); and means for outputting the 
results for a user (col. 5 line 39 to line 50, col. 13 line 8 to line 55, and col. 14 line 8 to line 25). 
Although the system disclosed by Togawa shows all the features of the claimed limitation, but 
Togawa does not specifically disclose searching explicitly observer program as a part of that 
detecting and exterminating viruses on a computer. Togawa discloses a virus extermination 
program installed on the computer memory to detect, identify and destroy certain types of 
viruses on the computer (col. 3 line 65 to col.4 line 24). 

In an analogous art, Drake, on the other hand discloses computing environment that relates to 
method and apparatus that uses an anti-spy computer code to detect rogue software programs 
that eavesdrop, attack or steal ID-data on the computer. The anti-spy code continuously scans the 
computer memory by comparing its memory image data with known characteristics data to 
detect hot patching (col. 3 line 38 to line 44, and col. 6 line 10 to line 20). 

Therefore, It would have been obvious to one ordinary skilled in the art at the time of invention 
to combine the teachings of Drake and Togawa, because Drake's method of detection and 
removal of computer spyware (malware or observer program) explicitly involves a comparison 
between known characteristics data with memory data to identify similar data patterns indicating 
the presence of rogue software in the computer. Therefore, the ordinarily skilled artisan would 
conclude that this combination would predictably result in running anti-spyware program on a 
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computer to scan the memory for certain spy characteristics in order to detect the presence of 
rogue software programs thereon. 

4. Regarding Claim 17, Togawa teaches a method for detecting the presence of an observing 
program on a computer system, wherein the observing program is programmed to observe a 
user's activities on the computer system by monitoring user input entered through a user input 
device and to create data from the observing on the computer system, the system including 
computer software fro running on the computer system ((Fig. 1-4), the method comprising the 
steps of: 

accessing observer data, the observer data including data descriptive of an observer program, the 
observer program being programmed to observe a user's activities on the computer system by 
monitoring user input entered through a user input device and also operating to create log file 
from the observing of the observer program (col. 5 line 7 to line 39, and(col.4 line 1 to line 22, 
col. 8 line 14 to line 30); generating results from the reading and comparing, wherein the results 
generated indicate whether the observer program is present on the computer system(col.5 line 10 
to line 38, and col. 8 line 22 to line 30); and outputting the results for a user (( col. 5 line 39 to 
line 50, col. 13 line 8 to line 55, and col. 14 line 8 to line 25). 

Although the system disclosed by Togawa shows all the features of the claimed limitation, but 
Togawa does not specifically disclose searching explicitly observer program as a part of that 
detecting and exterminating viruses on a computer. Togawa discloses a virus extermination 
program installed on the computer memory to detect, identify and destroy certain types of 
viruses on the computer (col. 3 line 65 to col.4 line 24). 
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In an analogous art, Drake, on the other hand discloses computing environment that relates to 
method and apparatus that uses an anti-spy computer code to detect rogue software programs 
that eavesdrop, attack or steal ID-data on the computer. The anti-spy code continuously scans the 
computer memory by comparing its memory image data with known characteristics data to 
detect hot patching (col. 3 line 38 to line 44, and col. 6 line 10 to line 20). 

Therefore, It would have been obvious to one ordinary skilled in the art at the time of invention 
to combine the teachings of Drake and Togawa, because Drake's method of detection and 
removal of computer spyware (malware or observer program) explicitly involves a comparison 
between known characteristics data with memory data to identify similar data patterns indicating 
the presence of rogue software in the computer. Therefore, the ordinarily skilled artisan would 
conclude that this combination would predictably result in running anti-spyware program on a 
computer to scan the memory for certain spy characteristics in order to detect the presence of 
rogue software programs thereon. 

5. Regarding Claim 18, Togawa teaches a computer-readable medium containing 
instructions for detecting the presence of an observing program on a computer system, wherein 
the observing program is programmed to observe a user's activities on the computer system by 
monitoring user input entered through a user input device and to create data from the observing 
on the computer system, wherein the instructions are executable to ((Fig. 1-4) comprised of the 
steps of: 

access observer data, the observer data including data descriptive of an observer program, the 
observer program being programmed to observe a user's activities on the computer system by 
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monitoring user input entered through a user input device and also operating to create log file 
from the observing of the observer program(col.5 line 7 to line 39, col.4 line 1 to line 22, col. 8 
line 14 to line 30); generate results from the reading and comparing, wherein the results 
generated indicate whether the observer program is present on the computer system; and 
output the results for a user ((col. 5 line 10 to line 38, and col. 8 line 22 to line 30). 
Although the system disclosed by Togawa shows all the features of the claimed limitation, but 
Togawa does not specifically disclose searching explicitly observer program as a part of that 
detecting and exterminating viruses on a computer. Togawa discloses a virus extermination 
program installed on the computer memory to detect, identify and destroy certain types of 
viruses on the computer (col. 5 line 39 to line 50, col.13 line 8 to line 55, and col. 14 line 8 to line 
25). 

In an analogous art, Drake, on the other hand discloses computing environment that relates to 
method and apparatus that uses an anti-spy computer code to detect rogue software programs 
that eavesdrop, attack or steal ID-data on the computer. The anti-spy code continuously scans the 
computer memory by comparing its memory image data with known characteristics data to 
detect hot patching (col. 3 line 38 to line 44, and col. 6 line 10 to line 20). 

Therefore, It would have been obvious to one ordinary skilled in the art at the time of invention 
to combine the teachings of Drake and Togawa, because Drake's method of detection and 
removal of computer spyware (malware or observer program) explicitly involves a comparison 
between known characteristics data with memory data to identify similar data patterns indicating 
the presence of rogue software in the computer. Therefore, the ordinarily skilled artisan would 
conclude that this combination would predictably result in running anti-spyware program on a 
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computer to scan the memory for certain spy characteristics in order to detect the presence of 
rogue software programs thereon. 

6. Claims 2-15 are rejected applied as above rejecting Claim 1. Furthermore, the system of 
Togawa, and Drake teaches and describes, wherein, 

As per Claim 2, the reading instructions read the memory of the computer system by 
querying the operating system of the computer system for the tasks running and by examining 
task information provided by the operating system (col. 4 line 39 to line 57). 

As per Claim 3 is rejected as above in rejecting claim 1, wherein the outputting 
instructions provide the results to a user through a graphical user interface (col. 5 line 39 to line 
50, col. 13 line 8 to line 55, and col. 14 line 8 to line 25). 

As per Claim 4 is rejected as above in rejecting claim 1, wherein the reading instructions 
read the memory of the computer system by querying the file system of the computer system for 
the files located on storage media and by examining file information provided by the file system 
(col. 19 line 10 to col.20 line 65). 

As per Claim 5 is rejected as above in rejecting claim 1, wherein the reading instructions 
read the memory of the computer system by opening a file located on storage media and by 
examining contents of the file (Togawa: col. 19 line 10 to col.20 line 65). 

As per Claim 6 is rejected as above in rejecting claim 1, wherein the observer data 
includes data descriptive of a plurality of observer programs and wherein the system compares 
the observer data with the memory data to determine whether any known observer program is 
present (Togawa: col. 19 line 10 to col.20 line 65). 
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As per Claim 7 is rejected as above in rejecting claim 1, further comprising 
countermeasure instructions wherein the countermeasure instructions alter the operation of the 
observer program (Togawa: col. 19 line 10 to col. 20 line 65). 

As per Claim 8 is rejected as above in rejecting claim 7, wherein the countermeasure 
instructions alter the operation of the observer program by altering observer program 
configuration data (Togawa: col. 19 line 10 to col.20 line 65). 

As per Claim 9 is rejected as above in rejecting claim 7, wherein the countermeasure 
instructions alter the operation of the observer program by altering a file on the computer system 
(Togawa: col. 5 line 7 to line 39, col.l31ine 8 to line 56, and col. 19 line 10 to col.20 line 65). 

As per Claim 10 is rejected as above in rejecting claim 7, wherein the countermeasure 
instructions alter the operation of the observer program by altering reporting data generated by 
the observer program (Togawa: col. 5 line 7 to line 39, col.l31ine 8 to line 56, and col. 19 line 10 
to col.20 line 65). 

As per Claim 1 1 is rejected as above in rejecting claim 7, wherein the countermeasure 
instructions alter the operation of the observer program by replacing reporting data generated by 
the observer program (Togawa: col. 5 line 7 to line 39, col.l31ine 8 to line 56, and col. 19 line 10 
to col.20 line 65). 

As per Claim 12 is rejected as above in rejecting claim 7, wherein the countermeasure 
instructions alter the operation of the observer program by replacing a file of the observer 
program (Togawa: col. 5 line 7 to line 39, col.l31ine 8 to line 56, and col. 19 line 10 to col.20 line 
65). 
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As per Claim 13 is rejected as above in rejecting claim 1, wherein the observer data 
includes data descriptive of observing activity typical of observing programs and wherein the 
system compares the observer data with the memory data to determine whether any known 
observer program is present (Togawa col. 5 line 7 to line 39, col.4 line 1 to line 22, col. 8 line 14 
to line 30, col.l31ine 8 to line 56, and Drake: col. 3 line 38 to line 44, and col. 6 line 10 to line 31). 

As per Claim 14 is rejected as above in rejecting claim 1, further comprising the 
observer data, wherein the observer data includes a list of files and modules that are part of the 
observer program software, and wherein the reading instructions read the memory of the 
computer system by querying the operating system of the computer system for the tasks running 
and by examining task information provided by the operating system, and wherein the reading 
instructions also read the memory of the computer system by querying the file system of the 
computer system for the files located on storage media and by examining file information 
provided by the file system, and wherein the outputting instructions provide the results to a user 
through a graphical user interface (Togawa: col. 5 line 7 to line 39, col.4 line 1 to line 22, col. 8 
line 14 to line 30, col.l31ine 8 to line 56, and Drake: and Drake: col. 3 line 38 to line 44, and 
col. 6 line 10 to line 31). 

As per Claim 15 is rejected as above in rejecting claim 1, wherein the system is made 
available over a computer network through a web site (Fig. 15-17, col. 29 line 40 to col. 31 line 
40). 
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Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to SYED ZIA whose telephone number is (571)272-3798. The 
examiner can normally be reached on 9:00 to 5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

sz 

December 2, 2008 
/Syed Zia/ 

Primary Examiner, Art Unit 243 1 



